Palamida Achieves “IBM Ready for Rational Software” Validation

Integration Promotes Preemptive Approach to Application Security for Open Source Code

SAN FRANCISCO, CA - February 3, 2009 -

Palamida, a leader in application security for open source, today announced its Palamida Enterprise Edition solution has received IBM’s “Ready for IBM Rational Software” validation. This solution will facilitate open source security checking earlier in the software development life cycle process.

Integration between Palamida Enterprise Edition and IBM Rational ClearCase enables automated code audits, the process of inventorying the open source software in use and alerting on security vulnerability issues, as part of the normal application build and release cycle. The integration helps ensure that security vulnerability and intellectual property issues are exposed early in the application development cycle when remediation is simpler and less costly.

Increased attacks against software and Web applications require securing the software supply chain for applications. Palamida has found that applications built in recent years typically contain 50 percent or more open source code, most of which is not being tracked. Organizations now need to ensure they understand the composition of their in-house applications including such aspects as what third-party code is in use, where it came from, and what vulnerabilities are associated with it. Organizations that are unaware of exactly what comprises their code base are open to data breaches, legal issues, and financial exposure.

“Open source is helping organizations deliver high-quality, more capable Web and software applications in less time, with fewer resources, but it is frequently used informally, without a clear approval or review process,” said Mark Tolliver, Palamida CEO. “The integration with IBM Rational ClearCase helps organizations take advantage of open source by broadening their use of it, while ensuring application integrity.”

Integration with IBM Rational ClearCase provides mutual customers the following benefits:

  • A new level of security functionality for increased return on investment in using IBM Rational tools and services.
  • Complementary application security solution to IBM’s existing security software such as IBM Rational AppScan, which enables scanning and testing of application source code. With the new integration, joint customers now have a solution for software composition analysis, which addresses open source vulnerabilities including those in binary form.
  • A reliable framework within the development cycle for security and IP stakeholders to collaborate in the approval, analysis, and remediation of security and IP issues utilizing alerts of violations against established policies, and maintain a record of the decisions for remediation.

IBM has been a leader in supporting and promoting open source software. An important aspect of pervasive open source use today is the management and security of it within mission critical applications. The Palamida Enterprise Edition enables organizations to create a comprehensive inventory of open source in use and then identifies issues of intellectual property violations and known and published security vulnerabilities. The software sends online vulnerability alerts as information is updated in the National Vulnerability Database and the Palamida R&D lab. It also enables organizations to annotate and tag all files and directories to create a permanent record of the software composition of applications, minimizing the security void arising from undocumented code. The latest 6.1 terabyte Palamida data library is also included along with 29,000 open source releases with vulnerability alerts.



About Palamida, Inc.

Palamida provides the industry’s first application security solution exclusively for open source software. The Palamida Enterprise Edition uses component-level analysis to quickly identify and track undocumented code and associated security vulnerabilities, as well as intellectual property and compliance issues. Using Palamida, organizations can cost-effectively manage and secure mission critical Web and software applications. Customers include Avaya, Cisco Systems, EMC, Microsoft, and Sun Microsystems, among others.

For more information visit: www.palamida.com.